Information security is such a broadly applicable and important topic that we advise all organisations to establish a framework of infosec policies, standards and guidelines. In anything but the simplest of organisations, however, this is no trivial task given the typical range of technologies in use (e.g. various operating systems, application systems, databases and networks) and the range of business departments using IT.
We can advise and assist from the specification and design of the infosec framework as a whole (including a risk-based justification for the resources necessary to complete the job), through its development (writing the policies, standards and guidelines) to implementation (training and awareness, testing systems, tweaking network systems security configurations etc.) and normal operations (updating and improving the framework to track changes in the organisation and in the external environment, testing compliance and so forth). We generally prefer to use the framework provided in BS7799.
Our consultants have 'learnt the lessons' of previous implementations and bring their hard-won knowledge of best practice to the job in hand. Working as a team with the organisation's business managers, technologists and (where available) information security staff, we will help you successfully design and install an infosec framework to suit your particular requirements (a bespoke standards framework, no less!).
Once in place, the infosec framework becomes an extremely important plank in the organisation's system of corporate governance. With recent changes in legislation, company accounts now need to include statements about the soundness of internal controls. Chief Executives who cannot rely on such a framework are making some pretty bold assumptions!